Covid-19: Adjusting the Workplace “From Office To Home”
by David Wren
The past few weeks have shown us that remote work is becoming an important tool for millions of office workers. Whether by choice or temporary requirement, many of us are working from home to maintain productivity and prevent the spread of illness. While the world is focused on Covid-19, it is important for all of us to maintain vigilance against threat actors who are reaching out of the gutters to take advantage of this situation. We have already seen attempts at exploiting the fear of Coronavirus by bad actors sending emails offering vaccines and antidotes.
To maintain system integrity, it is crucial that we provide our employees with a secure work environment and the proper training to continue operating in these conditions. The security of our systems must adapt quickly to accompany the large amount of remote access required. One of our tools for every employee to use is Multi-Factor Authentication (see last months’ article). With Multi-Factor Authentication, we can ensure that only approved users have access to the sensitive data they require to complete their work. This change in work environment is an opportune time to implement MFA and allow for employees to become comfortable with its use. Once up and running, training should be conducted to ensure the proper use and adoption of MFA. In general, this is an easy process. Without Multi-Factor Authentication, employees are left vulnerable to phishing scams that only need to work once! For example, if a user receives an email that tricks them into exposing their credentials, MFA acts as another layer of security to stop the attacker. This requires the bad actor to not only comprise the credentials but also the other form of authentication such as a token delivered via text. As you can imagine, changing the work environment from a professional office environment to home, where children and spouses are potentially home as well, can create distractions and increase the level of vulnerability. These additional tools become critical to safeguarding the human element.
Recommendation: Provide training on how to use MFA and implement a mandatory MFA usage policy.
Following the rise in remote work environments, bad actors are recognizing that isolation is an opportunity for using phishing campaigns to exploit our employees. Even if you have or employ security awareness training and in-house phishing tools, it is management’s responsibility to educate employees on the risk and techniques of phishing scams. Many of these emails may contain false information and calls to action that entice clicking or executing malicious links. Another example of current fraudulent emails we are seeing are request for donations for displaced hourly workers. It is important to educate your employees on how to validate official sources of information and how to access valid sources such as CDC.gov. Additionally, how to validate legitimate donation requests and sites. For example, a user receives a fake (phishing) email from your organization’s supposed HR department detailing your organization’s actions regarding Covid-19. The user then clicks the provided link to access a login page for your organization and proceeds to enter credentials. The attacker has now gained valid credentials. This attack could have been prevented by educating your users on the proper sources of information and how to validate them. Human psychology works differently in new environments, add the stress of a global pandemic and you have fertile ground for bad actors.
Recommendation: Promote awareness of trusted sources and educate on phishing techniques.
Working outside of the office, it is essential that every employee use a VPN solution to insulate their traffic. VPN, is a virtual private network, which allows for a secure connection from home to the resources available on the company networks. Without a VPN, the transfer of sensitive documents and emails is unencrypted and vulnerable to interception. Implementing a VPN solution as a requirement to access internal network resources is paramount in allowing only authorized employees access to our valuable data. With the use of VPN technology, organizations are able to provide access to employees wherever they have internet access.
Recommendation: Require the use of a VPN solution to access company resources.
The location of our remote employees is an important consideration when reviewing our security policy. Unsecure WI-FI can nullify any precautions we take to protect our employees. Be sure to educate employees on the value of secure WI-FI sources and the use of public WI-FI found in your local coffee shop or library. Additionally, Bring Your Own Device (BYOD) policy must also be reviewed and adjusted to the security standards of your organization. The use of personal laptops generates risk associated with personal browsing and additional exposure to malware from sources unrelated to work. Company data being stored on BYOD devices has the potential to mix with personal data, blurring the line and exposing company data to unnecessary risk. Currently, there are some companies who sell next generation Advanced Endpoint Protection and Endpoint Detection and Response solutions who are offering their product free for the next 60 days for home workers. This adds an additional layer of security and monitoring.
Recommendation: Educate employees on secure working environments and verify that your BYOD policy is in-line with your organization’s security posture.
Now that the connection to our internal resources has been secured by using MFA, a VPN, and educating our users, we can continue maturing our security by monitoring the traffic on our network. Traffic analysis is a crucial function of a modern security plan and the high-stake nature of remote work. When a bad actor gains access to your network, it is important to act fast and prevent any downtimes or leaked data. Having preventable downtime in a remote environment halts productivity and further stresses the organization’s capabilities. By implementing advanced monitoring systems, such as NTP’s ARGISS platform, we can detect, visualize, and alert malicious behavior. The ability to act quickly and effectively on expedient yet accurate data is a necessity in maintaining organization resilience.
Recommendation: Use an advanced monitoring service to detect and alert suspicious behavior on your network.
Microsoft TEAMS and Slack have seen an increase in subscriptions for secure collaboration tools. These products allow organizations to communicate with a remote workforce. They allow groups of people to work together and share information in a common space. Additionally, it provides another form of monitoring projects, productivity, and engagement to provide a sense of normality in the workforce. Any solution should be monitored and a policy in force on how it is implemented and used to ensure a secure environment.
Recommendation: Investigate and use a secure collaboration platform to stay engaged and keep the flow of business moving forward.
I would like to thank Hunter Williamson, intern on my team, for providing research and support on the above article.
David Wren, CISM, is President of Network Technology Partners, a regional Cyber Security Intelligence firm headquartered in St. Louis, Mo. He can be reached at dwren@ntp-inc.com.
Submitted 4 years 239 days ago